Hi malware fighters,
Do not go out here: hxtp://v608.vanager.de/cgi-bin/nph-proxy.cgi/000010A/x-proxy/start
Avast did not flag, but NoScript stopped suspicious behavior in its tracks:
[NoScript XSS] Sanitized suspicious upload to [http://v608.vanager.de/cgi-bin/nph-proxy.cgi/000010A/x-proxy/start] from [hxtp://www.mmproxy.com/]: transformed into a download-only GET request.
But was given clean here: http://scanner.novirusthanks.org/analysis/b9a4635b0060ecd9e7c4300596cb3783/aW5kZXg=/
Further analyzing it gave a hidden link here via infospider.de (site with iFrame source with 111 levels!!!)
with this hidden link on it:
*